Regulatory & Compliance Oversight
The Seven Basic Elements of a Successful Compliance Program
Lessons learned and the basic elements of a successful compliance program have been developed by the US. Department of Health and Human Services Office of Inspector General (OIG) reflecting over 25 years of monitoring Corporate Integrity Agreements (CIAs). In addition, they have considered feedback from research stakeholders as well as the constantly evolving changes in technology and research.
These elements include the following:
- Written Policies and Procedures
- Compliance Leadership and Oversight
- Training and Education
- Effective Lines of Communication with the Compliance Officer and Disclosure Program
- Enforcing Standards: Consequences and Incentives
- Risk Assessment, Auditing, and Monitoring
- Responding to Detected Offenses and Developing Corrective Action Plans
Element 1: Written Policies and Procedures
Organizations can implement a Code of Conduct to outline how researchers and their teams can meet the goals, mission, and ethical conduct of research. By ensuring that written policies and procedures are available to the relevant individuals in a centralized way, the requirements to meet the code of conduct are more transparent.
Element 2: Compliance Leadership and Oversight
“The United States Sentencing Commission’s Guidelines require that an entity’s ‘governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.’”
Organizations should consider three key components:
- Compliance Officer: Leadership should appoint and support a Compliance Officer with clear reporting structure, including direct access to the CEO/President, Compliance Committee, and Board.
- Compliance Committee: This committee works with the Compliance Officer and Board to develop policies and procedures, appropriate training, and ongoing oversight of the compliance program.
- Board Compliance Oversight: The Board is responsible to oversee the compliance officer and compliance program.
Element 3: Training and Education
The Compliance Officer and Compliance Committee should identify educational needs that are specific to the entity. This training should include aspects of the compliance program, regulations, and board governance. Targeted training needs to be considered for the various roles and responsibilities of the researchers, their teams, and the compliance program leadership.
Element 4: Effective Lines of Communication with the Compliance Officer and Disclosure Program
Opportunities for all stakeholders to communicate with the Compliance Officer should be made available in as many venues as possible (e.g., phone, email, confidential reporting programs). Confidentiality and non-retaliation need to be available so that open communication can occur. Consider your organization’s ways of incentivizing compliance through recognizing compliance goals that were met or other contributions to the program.
Element 5: Enforcing Standards – Consequences and Incentives
Your organization should have defined processes that address a report that may require further investigation or consequences for non-compliance. These consequences must be enforced, per policy, to deter further non-compliance across the organization.
Element 6: Risk Assessment, Auditing, and Monitoring
The first step in monitoring your compliance program is identifying the risks across the organization. This will identify the areas where your organization can focus efforts and set goals. Auditing and monitoring can be framed around risks identified so that they are consistently applied to all research teams and departments. The auditing and monitoring process should be ongoing, consistent, and reviewed periodically. This review will ensure that an organization is meeting their compliance obligations and re-focus any efforts, if necessary.
Element 7: Responding to Detected Offices and Developing Corrective Action Plans
An effective compliance program will have outlined procedures to investigate violations. Most compliance programs will need to address violations since research is complex. It is important to consider how these are managed, corrective action plans, and reporting to relevant government agencies.
Summary:
This is a just a summary of the OIG’s guidance to develop and maintain a compliance program. I encourage you to take some time to familiarize yourself with the General Compliance Program Guidance, which contains more details and tips for a successful compliance program.
These basic elements for a successful compliance program can be applied to multiple types of research organizations. Whether you are working at a small institution, one managing billions of dollars of research funding, or conducting biomedical, social/behavioural, and other types of research programs, the framework can support a transparent, effective, and ethical structure for managing research at your organization. Follow this framework, regardless of your setting.
References:
General Compliance Program Guidance, 2023, US Department of Health and Human Services, Office of Inspector General.